Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: Yet Another IE Flaw (YAIEF) SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Yet Another IE Flaw (YAIEF)
Today, if you are plagued with farcical fulminations from Firefox fans or self-satisfied smirks from Safari sympathizers, it may be because of this, from Secunia:

"Michal Zalewski has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.  The vulnerability is caused due to an error in the processing of certain sequences of nested 'object' HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site.  Successful exploitation allows execution of arbitrary code."

Thanks to diligent reader Karl Prince for the heads-up.

I remember back in the mid-90's, we used to joke about a bug-of-the-month club for Sendmail.  Well, Sendmail has gotten far better, but perhaps we need a bug-of-the-week club, or even a zero-day-of-the-week (ZDotW) club for IE?

--Ed Skoudis

57 Posts
Apr 26th 2006

Sign Up for Free or Log In to start participating in the conversation!